
7042 matches found

Microsoft CVE
added 2024/09/11 7:00 a.m. | 3 views

In Go before 1.15.13 and 1.16.x before 1.16.5 some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00039
Exploits: 1
Hewlett-Packard
added 2024/09/11 12:00 a.m. | 15 views

Samsung Universal Print Driver for Windows–Potential Escalation of Privilege

The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018. Update your printer software...

CVSS: 8.4 | AI score: 7.2 | EPSS: 0.00058
Exploits: 0
Positive Technologies
added 2024/09/11 12:00 a.m. | 2 views

PT-2024-37127

Name of the Vulnerable Software and Affected Versions: Samsung Universal Print Driver for Windows versions prior to 2018 Description: The issue allows for escalation of privilege, enabling the creation of a reverse shell in the tool. This affects products released or manufactured before 2018...

CVSS: 8.4 | AI score: 6.5 | EPSS: 0.00058
Exploits: 0 | References: 5
CNNVD
added 2024/09/11 12:00 a.m. | 2 views

SAMSUNG Universal Print Driver Security Vulnerability

SAMSUNG Universal Print Driver is a print driver from Samsung South Korea that allows users to support multiple Samsung printer devices by installing a single driver. A security vulnerability exists in SAMSUNG Universal Print Driver version 3.00.16.0101, which stems from vulnerability to privileg...

CVSS: 8.4 | AI score: 6.9 | EPSS: 0.00058
Exploits: 0 | References: 2
GithubExploit
added 2024/09/10 1:23 p.m. | 419 views

Exploit for Insufficient Session Expiration in Totolink T8_Firmware

CVE-2022-0944: Privilege Escalation Vulnerability in OverlayFS...

CVSS: 9.1 | AI score: 7.2 | EPSS: 0.7297
Exploits: 12
GithubExploit
added 2024/09/08 11:39 p.m. | 634 views

Exploit for Code Injection in Sqlpad

CVE-2022-0944 A proof of concept exploit for SQLPad RCE CVE...

CVSS: 9.1 | AI score: 8.3 | EPSS: 0.7297
Exploits: 12
Packet Storm
added 2024/09/02 12:00 a.m. | 376 views

pgAdmin 8.4 Code Execution

Title: pgAdmin 8.4 PHP Code Execution Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits ...

AI score: 7.4
Exploits: 0
Packet Storm
added 2024/09/01 12:00 a.m. | 360 views

Apache Reverse Proxy Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Reverse Proxy Bypass Vulnerability Scanner', 'Description' = %q Scan for poorly configured reverse proxy servers. By default, this module...

CVSS: 5 | AI score: 7.3 | EPSS: 0.72537
Exploits: 12
Packet Storm
added 2024/08/31 12:00 a.m. | 251 views

DNS Record Scanner and Enumerator

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DNS Record Scanner and Enumerator', 'Description' = %q This module can be used to gather information about a domain from a given DNS server by...

AI score: 7 | EPSS: 0.72949
Exploits: 7
OSSF Malicious Packages
added 2024/08/30 9:14 p.m. | 3 views

Malicious code in calculator-c08d6d50f5964131 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6343baa8b5e97a91b02979723f28035221550addc225d0e3911916a51ef5ef37 Clearly research/pentesting examples containing reverse shell. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anythin...

AI score: 7.5
Exploits: 0 | References: 1
OSV
added 2024/08/30 9:14 p.m. | 1 view

MAL-2024-12229 Malicious code in calculator-c08d6d50f5964131 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6343baa8b5e97a91b02979723f28035221550addc225d0e3911916a51ef5ef37 Clearly research/pentesting examples containing reverse shell. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anythin...

AI score: 7.4
Exploits: 0 | References: 1
The Hacker News
added 2024/08/29 11:26 a.m. | 19 views

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MF...

AI score: 7.4
Exploits: 0
NVD
added 2024/08/27 9:15 p.m. | 19 views

CVE-2024-45049

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

CVSS: 7.5 | EPSS: 0.0036
Exploits: 0 | References: 4
Cvelist
added 2024/08/27 8:33 p.m. | 22 views

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

CVSS: 7.5 | EPSS: 0.0036
Exploits: 0 | References: 4
Vulnrichment
added 2024/08/27 8:33 p.m. | 15 views

CVE-2024-45049 Nix Hydra Missing authentication when triggering evaluations

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0036
Exploits: 0 | References: 4
GithubExploit
added 2024/08/27 4:41 p.m. | 482 views

Exploit for Improper Input Validation in Cacti

Cacti CVE-2024-25641 Authenticated Package Upload RCE Proof of...

CVSS: 9.1 | AI score: 9.2 | EPSS: 0.8819
Exploits: 17
The Hacker News
added 2024/08/26 7:45 a.m. | 39 views

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.89372
Exploits: 12
Fedora
added 2024/08/26 2:05 a.m. | 36 views

[SECURITY] Fedora 40 Update: nginx-1.26.2-1.fc40

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS: 5.7 | AI score: 4.8 | EPSS: 0.00197
Exploits: 0
GithubExploit
added 2024/08/26 1:54 a.m. | 363 views

Exploit for Path Traversal in Apache Http_Server

Apache-HTTP-Server-2.4.50-RCE This tool is designed to test A...

CVSS: 9.8 | AI score: 10 | EPSS: 0.9441
Exploits: 169
OpenVAS
added 2024/08/26 12:00 a.m. | 18 views

Fedora: Security Advisory for nginx (FEDORA-2024-8ba5080dfa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.7 | AI score: 7 | EPSS: 0.00197
Exploits: 0 | References: 2